Google to Encrypt Search Engine to protect Wi-Fi users

Google intends to offer this week encryption to their search engine services; this is according to a new blog post.

“Earlier this year, we encrypted Gmail for all our users, and next week we will start offering an encrypted version of Google Search. For other services users can check that pages are encrypted by looking to see whether the URL begins with “https”, rather than just “http”; browsers will generally show a lock icon when the connection is secure.” A part from Google post, more details on this will be demonstrated at Google I / O Google’s Largest Developer Event.

It is noted that Google started to encrypt Gmail traffic by default via https in January 2010, before that user can choose to use http or https to check email. While the option of https was firstly introduced on mid-2008. This can make us think that maybe we will find the same case on search engine.

Using a secured http will help in protecting users search at the wireless networks like airports, cafes and other open networks. Up to now the search remains in the non-encrypted form. While I have read this on the news I have remembered a perfect post on Infosecisland by Christopher Hudel : Should SSL be enabled on every website?

SSL doesn't protect you as much as most people think. A simple combination of SSlStrip, Airbase-ng and ettercap will allow you to perform a MITM attack against most all machines connected to unencrypted wifi. The end user has no idea that anything is going on during the attack!